<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 22 December 2016 at 13:05, Asai <span dir="ltr"><<a href="mailto:asai@globalchangemusic.org" target="_blank">asai@globalchangemusic.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Still trying to figure this out, still am not doing something right. I’m still getting REFUSED when trying to do transfers from Master to Slave. Not sure what I’m doing wrong, so please point out my errors here. I have two views, but neither are getting any transfers so I’ve only included one in the config.</div></blockquote><div><br></div><div>It would help if you included your entire config. You're likely editing out important things.</div><div>At the very least, your supplied config is missing the server{} statements necessary to use TSIG in your zone transfer requests.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><br></div><div>Here’s my part of my config for Master and Slave:</div><div><br></div><div>MASTER (10.233.0.198):</div><div><br></div><div><div>key WAN-key {</div><div><div> algorithm hmac-md5;</div><div> secret “FsrWAd2G5saYSd3bOx0mw==";</div><div> };</div><div><br></div><div>key LAN-key {</div><div> algorithm hmac-md5;</div><div> secret “4hKGvi4BDswdTD2f1sEE2i==";</div><div> };</div><div><br></div><div>acl lan_hosts { key LAN-key; !key WAN-key; <a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>; <a href="http://10.233.0.0/24" target="_blank">10.233.0.0/24</a>; localhost; };</div><div>acl wan_queries { key WAN-key; !key LAN-key; !<a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>; !<a href="http://10.233.0.0/24" target="_blank">10.233.0.0/24</a>; };</div><div><br></div><div>include "/etc/rndc.key";</div><div>controls {</div><div> inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };</div><div> };</div><div><br></div><div>view "LAN” {</div><div><br></div><div><div>match-clients { lan_hosts; };</div><div>allow-transfer { key LAN-key; };</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span></div><div>also-notify { 10.233.0.189 key LAN-key; };</div></div><div> </div><div><div>zone “intranet.site" {</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>type slave;</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>masters {</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>10.233.0.198;</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>};</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>file "/var/named/slaves/intranet.<wbr>site.LAN.hosts";</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>};</div></div><div>}</div></div></div><div><br></div><div><br></div><div><br></div><div><br></div><div>SLAVE (10.233.0.189):</div><div><br></div><div><div>key WAN-key {</div><div> algorithm hmac-md5;</div><div> secret “FsrWAd2G5saYSd3bOx0mw==";</div><div> };</div><div><br></div><div>key LAN-key {</div><div> algorithm hmac-md5;</div><div> secret “4hKGvi4BDswdTD2f1sEE2i==";</div><div> };</div><div><br></div><div>acl lan_hosts { key LAN-key; !key WAN-key; <a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>; <a href="http://10.233.0.0/24" target="_blank">10.233.0.0/24</a>; localhost; };</div><div>acl wan_queries { key WAN-key; !key LAN-key; !<a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>; !<a href="http://10.233.0.0/24" target="_blank">10.233.0.0/24</a>; };</div><div><br></div><div>include "/etc/rndc.key";</div><div>controls {</div><div> inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };</div><div> };</div><div><br></div><div>view "LAN” {</div><div><br></div><div>match-clients { lan_hosts; };</div><div><br></div><div><div>zone “intranet.site" {</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>type slave;</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>masters {</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>10.233.0.198;</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>};</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>file "/var/named/slaves/intranet.<wbr>site.LAN.hosts";</div><div><span class="m_-1918380169215574400Apple-tab-span" style="white-space:pre-wrap"> </span>};</div></div><div>}</div><div>
<div style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><pre class="m_-1918380169215574400moz-signature" cols="72"><br></pre></div></div>
</div>
<br><div><blockquote type="cite"><div><div class="h5"><div>On Dec 21, 2016, at 10:59 AM, Asai <<a href="mailto:asai@globalchangemusic.org" target="_blank">asai@globalchangemusic.org</a>> wrote:</div><br class="m_-1918380169215574400Apple-interchange-newline"></div></div><div><div><div class="h5"><div style="word-wrap:break-word"><div>Yes, thank you. I think Mark’s link to the article is the proper solution. Thank you for your reply.
</div><div><br></div>
<br><div><blockquote type="cite"><div>On Dec 21, 2016, at 10:55 AM, Matthew Pounsett <<a href="mailto:matt@conundrum.com" target="_blank">matt@conundrum.com</a>> wrote:</div><br class="m_-1918380169215574400Apple-interchange-newline"><div><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 20 December 2016 at 16:45, Asai <span dir="ltr"><<a href="mailto:asai@globalchangemusic.org" target="_blank">asai@globalchangemusic.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Greetings,<br>
<br>
Quick question. Using BIND 9.9.4. I have 2 zones. One for LAN traffic, and one for WAN traffic. My secondary server is transferring the wrong zones, so that my WAN zone has all the A records for my LAN zone.<br>
<br>
Any insights on this?<br><br></blockquote><div>Most likely you've misconfigured your master server such that the slave (secondary) sees the wrong zone when doing zone transfers. But, because you haven't provided any real detail about your configuration, no one is going to be able to provide much in the way of advice about how to fix it.</div><div><br></div><div>You should read the article that Mark Andrews linked, and if you still are not able to solve the problem you should return with some details about your setup. </div></div><br></div></div>
</div></blockquote></div><br></div></div></div><span class="">______________________________<wbr>_________________<br>Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/<wbr>listinfo/bind-users</a> to unsubscribe from this list<br><br>bind-users mailing list<br><a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/<wbr>listinfo/bind-users</a></span></div></blockquote></div><br></div></div><br>______________________________<wbr>_________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/<wbr>listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/<wbr>listinfo/bind-users</a><br></blockquote></div><br></div></div>